HL Chronicle of Data Protection

Privacy & Information Security News & Trends

Posted in Cybersecurity & Data Breaches

DOJ and FTC Clarify Antitrust Implications of Cybersecurity Information Sharing

On April 10, 2014, the Department of Justice (“DOJ”) and Federal Trade Commission (“FTC”) issued a joint policy statement on the antitrust implications of sharing cybersecurity information to help facilitate the flow of cyberintelligence throughout the private sector. The statement addresses the long-standing concern that sharing cyberintelligence may violate antitrust law under certain circumstances and explains the analytical framework for such arrangements to make it clear that legitimate cyberintelligence exchanges will not raise antitrust issues.

Posted in International/EU Privacy

ECJ Declares Data Retention Directive Invalid

In a decision rendered on 8 April 2014, the European Court of Justice (ECJ) declared the Data Retention Directive invalid. The Court’s decision was grounded on its conclusion that, by requiring the retention of the data falling within the scope of the Directive, and by allowing the competent national authorities to access those data, the Directive interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data.

Posted in Cybersecurity & Data Breaches, Privacy & Security Litigation

Federal Judge Upholds FTC’s Authority to Regulate Commercial Data Security Practices

A New Jersey federal judge yesterday issued the much-anticipated opinion in Federal Trade Commission v. Wyndham Worldwide Corp., denying Wyndham’s challenge to the FTC’s authority to regulate data security under Section 5 of the FTC Act.  Although it only represents one district court’s findings on the issue, and was not a complete surprise given some of the judge’s statements during oral argument, the decision means that the Commission for now maintains its status as the lead commercial data security regulator in the United States.

Commenting that she “ha[d] wrestled with arguments in the parties’ initial briefing, oral argument, supplemental briefing, as well as in several amici submissions,” Judge Esther Salas of the U.S. District Court for the District of New Jersey concluded, among other rulings:

Posted in Consumer Privacy

FTC Continues to Enforce Security Statements

The Federal Trade Commission (“FTC”) has settled with two mobile application developers, Fandango and Credit Karma, over charges that they misrepresented the security of their mobile applications.  According to the FTC, the developers failed to provide reasonable and appropriate security when their mobile applications transmitted consumers’ sensitive information.  The particular issues noted by the FTC in its complaints against the developers differ to some degree, but the complaints share a common thread:  the FTC alleges that the developers claimed to transmit sensitive data securely but disabled the Secure Sockets Layer (SSL) protocol, which authenticates and encrypts communications across networks.

Both developers have agreed to not misrepresent the privacy or security of their products and services and to establish comprehensive security programs that address security risks associated with the development and management of their products and services.  Those security programs will be subject to independent, biannual assessments over the next two years.  In the remainder of this post, we provide a high-level description of how SSL works, summarize the FTC’s complaints against Fandango and Credit Karma, and identify some important takeaways from these settlements.

Posted in International/EU Privacy

Privacy Complaints Up 48% in Hong Kong in 2013: Are Businesses Prepared?

Privacy enforcement in Hong Kong under its data protection law, the Personal Data (Privacy) Ordinance (PDPO), ramped up significantly last year. Hong Kong’s Privacy Commissioner for Personal Data received 1,792 complaints in 2013, a record high. The figures show a 48% increase in complaints filed and more than a doubling of the number of enforcement notices issued by the Commissioner, with 25 enforcement notices issued in 2013 against 11 in 2012. 78% of all complaints were made against the private sector, in particular the financial, telecommunications and property sectors. The Commissioner has confirmed that a key focus for 2014 will be to increase its enforcement efforts.

Posted in Cybersecurity & Data Breaches

Upcoming Hogan Lovells Webcast Will Address Data Breach Preparedness and Response

On March 27, senior members of the Hogan Lovells Privacy and Cybersecurity practice will present a timely and practical webcast on how businesses can prepare for and address the risks of cybersecurity incidents in this time of high alert.

Posted in News & Events

Hogan Lovells Participates in the Privacy and Civil Liberties Oversight Board Hearing on Section 702 of the Foreign Intelligence Surveillance Act

At the Privacy and Civil Liberties Oversight Board hearing yesterday in Washington, D.C., Hogan Lovells partner and privacy practice lead Christopher Wolf spoke on the issue of privacy and government surveillance and provided a transnational perspective on legal regimes that regulate government access to data. From 2012 to 2013, Hogan Lovells published four White Papers (available here, here, here, and here) on government access to data in the cloud. The findings of the national security access White Paper, A Sober Look at National Security Access to Data in the Cloud, were a focal point of yesterday’s discussion.

Posted in Consumer Privacy

Recent TCPA Compliance Developments and Risk Minimization Tips

The Hogan Lovells Telephone Consumer Protection Act (TCPA) Working Group has published an alert addressing recent TCPA litigation and regulatory compliance developments.  The alert notes that the number of TCPA cases is increasing and summarizes recent decisions that provide guidance regarding what constitutes prior express consent for non-telemarketing calls under the TCPA and its regulations.  The alert concludes with some regulatory compliance tips to help minimize risk.

For the detailed alert authored by Mitch Zamoff, Adam Levin, Mark Brennan, and Tim Tobin, click here.